I can't reproduce consistently on any OS including Fedora 20, but I was
able to trigger the issue on a Ubuntu 13.10 client.

Advertising

sssd: 1.11.1
sudo: 1.8.6p3-0ubuntu3
I have only just enabled the sudo logging so it should only contain the
events below:
sdainard-ad...@miovision.corp@ubu1310:~$ sudo su
[sudo] password for sdainard-ad...@miovision.corp:
sdainard-ad...@miovision.corp is not allowed to run sudo on ubu1310.
This incident will be reported.
sdainard-ad...@miovision.corp@ubu1310:~$ sudo su
[sudo] password for sdainard-ad...@miovision.corp:
root@ubu1310:/home/miovision.corp/sdainard-admin#
Files attached outside of list.

Hi,

thank you for the logs. Can you also send me output of command "id
sdainard-admin" (also check if group membership is correct) and
definition of the sudo rule please?

Also you may want to fix the following (unrelated) warning:

Deprecation warning: The option ipa_dyndns_update is deprecated and
should not be used in favor of dyndns_update